Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1336 CNY

100%

DNSdist — Vulnerabilities & Security Advisories 29

All 29 CVE vulnerabilities found in DNSdist, with AI-generated Chinese analysis, references, and POCs.

This page documents Common Weakness Enumeration vulnerabilities associated with the dnsdist product developed by PowerDNS. It serves as a centralized resource for tracking security flaws specifically impacting this authoritative DNS traffic distribution and filtering tool. The content aggregates data regarding various weakness categories, including improper input validation, configuration mismanagement, and denial of service conditions that could allow unauthorized access or service disruption. The database covers vulnerability reports from the inception of the tool through the most recent quarterly updates, ensuring historical context is preserved alongside current threat intelligence. Readers can utilize this resource to track vendor security advisories issued by PowerDNS over time, gaining insight into how specific issues were resolved and prioritized. Additionally, users can analyze trends within specific weakness classes to understand how architectural decisions in dnsdist influence its security posture. The page also allows for a detailed lookup of the product’s vulnerability history, enabling security teams to assess risk exposure across different versions and deployments. By consolidating these discrete data points into a single view, the page facilitates comprehensive security auditing and compliance reporting without requiring manual cross-referencing of multiple disparate sources. This structured approach supports informed decision-making for administrators managing high-traffic DNS infrastructures, helping them stay ahead of emerging threats and maintain robust network resilience against exploitation attempts targeting known software defects.

Vendor: Open-Xchange

CVE IDTitleCVSSSeverityPublished
CVE-2026-42004 EDNS options smuggling 3.7 Low2026-06-25
CVE-2026-40211 Denial of service via crafted DoH3 queries 5.3 Medium2026-06-25
CVE-2026-40210 Out-of-bounds read in SetMacAddrAction 4.8 Medium2026-06-25
CVE-2026-40209 Denial of service via IXFR queries 5.3 Medium2026-06-25
CVE-2026-40208 Denial of service via DoH3 queries 3.7 Low2026-06-25
CVE-2026-40011 Prometheus denial of service via crafted DNS queries 3.7 Low2026-06-25
CVE-2026-33593 Denial of service via crafted DNSCrypt query 7.5 High2026-04-22
CVE-2026-33594 Outgoing DoH excessive memory allocation 5.3 Medium2026-04-22
CVE-2026-33595 DoQ/DoH3 excessive memory allocation 5.3 Medium2026-04-22
CVE-2026-33597 PRSD detection denial of service 3.7 Low2026-04-22
CVE-2026-33596 TCP backend stream ID overflow 3.1 Low2026-04-22
CVE-2026-33598 Out-of-bounds read in cache inspection via Lua 4.8 Medium2026-04-22
CVE-2026-33599 Out-of-bounds read in service discovery 3.1 Low2026-04-22
CVE-2026-33602 Off-by-one access when processing crafted UDP responses 6.5 Medium2026-04-22
CVE-2026-33254 Resource exhaustion via DoQ/DoH3 connections 5.3 Medium2026-04-22
CVE-2026-27854 Use after free when parsing EDNS options in Lua 4.8 Medium2026-03-31
CVE-2026-27853 Out-of-bounds write when rewriting large DNS packets 5.9 Medium2026-03-31
CVE-2026-24030 Unbounded memory allocation for DoQ and DoH3 5.3 Medium2026-03-31
CVE-2026-24029 DNS over HTTPS ACL bypass 6.5 Medium2026-03-31
CVE-2026-24028 Out-of-bounds read when parsing DNS packets via Lua 5.3 Medium2026-03-31
CVE-2026-0397 Information disclosure via CORS misconfiguration 3.1 Low2026-03-31
CVE-2026-0396 HTML injection in the web dashboard 3.1 Low2026-03-31
CVE-2025-30187 Denial of service via crafted DoH exchange in PowerDNS DNSdist CWE-835 3.7 Low2025-09-18
CVE-2025-30193 Denial of service via crafted TCP exchange CWE-674 7.5 High2025-05-20
CVE-2025-30194 Denial of service via crafted DoH exchange CWE-416 7.5 High2025-04-29
CVE-2024-25581 Transfer requests received over DoH can lead to a denial of service in DNSdist CWE-20 7.5 High2024-05-13
CVE-2018-14663 PowerDNS DNSDist 安全漏洞 CWE-20--2018-11-26
CVE-2016-7069 dnsdist 安全漏洞 CWE-20 7.5 -2018-09-11
CVE-2017-7557 dnsdist 安全漏洞 CWE-287 8.8 -2017-08-22

All 29 known CVE vulnerabilities affecting DNSdist with full Chinese analysis, references, and POCs where available.